ID CVE-2019-3838
Summary It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER.
References
Vulnerable Configurations
  • cpe:2.3:a:artifex:ghostscript:-:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:-:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:8_64:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:8_64:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.00:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.00:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.01:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.01:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.02:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.02:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.04:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.04:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.05:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.05:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.06:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.06:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.07:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.07:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.09:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.09:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.10:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.10:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.14:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.14:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.15:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.15:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.16:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.16:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.18:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.18:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.19:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.19:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.20:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.20:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.21:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.21:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.22:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.22:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.23:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.23:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.24:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.24:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.25:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.25:*:*:*:*:*:*:*
  • cpe:2.3:a:artifex:ghostscript:9.26:*:*:*:*:*:*:*
    cpe:2.3:a:artifex:ghostscript:9.26:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:ansible_tower:3.3:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:ansible_tower:3.3:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 15-10-2020 - 14:05)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:N/A:N
redhat via4
advisories
  • bugzilla
    id 1677588
    title CVE-2019-3835 ghostscript: superexec operator is available (700585)
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 7 is installed
        oval oval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • comment ghostscript is earlier than 0:9.07-31.el7_6.10
            oval oval:com.redhat.rhsa:tst:20190633001
          • comment ghostscript is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20120095009
        • AND
          • comment ghostscript-cups is earlier than 0:9.07-31.el7_6.10
            oval oval:com.redhat.rhsa:tst:20190633003
          • comment ghostscript-cups is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20170013004
        • AND
          • comment ghostscript-devel is earlier than 0:9.07-31.el7_6.10
            oval oval:com.redhat.rhsa:tst:20190633005
          • comment ghostscript-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20120095011
        • AND
          • comment ghostscript-doc is earlier than 0:9.07-31.el7_6.10
            oval oval:com.redhat.rhsa:tst:20190633007
          • comment ghostscript-doc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20120095013
        • AND
          • comment ghostscript-gtk is earlier than 0:9.07-31.el7_6.10
            oval oval:com.redhat.rhsa:tst:20190633009
          • comment ghostscript-gtk is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20120095015
    rhsa
    id RHSA-2019:0633
    released 2019-03-21
    severity Important
    title RHSA-2019:0633: ghostscript security and bug fix update (Important)
  • rhsa
    id RHSA-2019:0652
  • rhsa
    id RHSA-2019:0971
rpms
  • ghostscript-0:9.07-31.el7_6.10
  • ghostscript-cups-0:9.07-31.el7_6.10
  • ghostscript-debuginfo-0:9.07-31.el7_6.10
  • ghostscript-devel-0:9.07-31.el7_6.10
  • ghostscript-doc-0:9.07-31.el7_6.10
  • ghostscript-gtk-0:9.07-31.el7_6.10
  • ghostscript-0:9.25-2.el8_0.1
  • ghostscript-debuginfo-0:9.25-2.el8_0.1
  • ghostscript-debugsource-0:9.25-2.el8_0.1
  • ghostscript-doc-0:9.25-2.el8_0.1
  • ghostscript-gtk-debuginfo-0:9.25-2.el8_0.1
  • ghostscript-tools-dvipdf-0:9.25-2.el8_0.1
  • ghostscript-tools-fonts-0:9.25-2.el8_0.1
  • ghostscript-tools-printing-0:9.25-2.el8_0.1
  • ghostscript-x11-0:9.25-2.el8_0.1
  • ghostscript-x11-debuginfo-0:9.25-2.el8_0.1
  • libgs-0:9.25-2.el8_0.1
  • libgs-debuginfo-0:9.25-2.el8_0.1
  • libgs-devel-0:9.25-2.el8_0.1
refmap via4
bugtraq
  • 20190402 [slackware-security] ghostscript (SSA:2019-092-01)
  • 20190417 [SECURITY] [DSA 4432-1] ghostscript security update
confirm https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3838
debian DSA-4432
fedora
  • FEDORA-2019-1a2c059afd
  • FEDORA-2019-9f28451404
  • FEDORA-2019-d5d9cfd359
gentoo GLSA-202004-03
misc
mlist [debian-lts-announce] 20190423 [SECURITY] [DLA 1761-1] ghostscript security update
suse
  • openSUSE-SU-2019:1119
  • openSUSE-SU-2019:1121
Last major update 15-10-2020 - 14:05
Published 25-03-2019 - 19:29
Last modified 15-10-2020 - 14:05
Back to Top